[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Safe Key Generation

To: Bob Jueneman <BJUENEMAN@novell.com>
Subject: Safe Key Generation
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 1 Jul 1997 23:01:02 -0700
Cc: spki@c2.net
In-Reply-To: <s3b8e533.079@novell.com>
Sender: owner-spki@c2.net

At 10:08 AM -0700 7/1/97, Bob Jueneman wrote:
>How many user key pairs do you know of that were generated on TCSEC-rated A1
>systems using FIPS 140-1 rated level 4 cryptographic implementations?  None,
>you say?  OK, how many key pairs do you know of that were at least generated
>on a C2 rated system, using a FIPS 140-1 level 1 rated crypto?  Again,
>virtually none, you say?

I am not sure I consider the rating of the system as important as its
history.  For example, if you generate a key on a Mac/Windows system which
has been freshly installed from manufacturer's CDROM on a freshly
initialized hard disk, I would feel much safer than with a C2 system (no
Trojan horse protection) which had been running connected to the global
internet for 6 months.

-------------------------------------------------------------------------
Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA

Prev by Date: Re: legal question about certs
Next by Date: Re: Mary is Mary
Prev by thread: P.S. Re: legal question about certs
Next by thread: Re: Mary is Mary
Index(es):
- Main
- Thread